It appears that we have the exact same behavior in many other places in the system, pretty much everywhere in fact, e.g. categories, project name, user realname, etc. as they are generally printed with string_display_line and therefore accept tags defined in $g_html_valid_tags_single_line.

Therefore I'm now thinking we should leave this as it is, and just merge the'<admincheck>' tag with the 'admincheck' one in this tracker.

I would suggest than we disallow such tags in entity names like projects, tags, users, etc. We should probably limit the names to include standard printable characters like alpha, digits, underscore, dash, dot, etc.

We should allow spaces, but disallow "some[space][space]x", i.e. replace N spaces with a single space, and trim left/right.

The question is what to do with the existing entities that may violate such rules. We could handle them as part of the upgrader, or just sanitize at print time and use some new string_display method.